Remote access and secure data exchange

Hi guys
Hope you can help me out. I'm looking for some guidance on the following scenario.
My company recently went into partnership with a company that has Point of Sale systems and servers. My company wants to retrieve data on POS and server and connect the figures to our financial system at headquarters.

Issue number 1: We currently do not have control of POS and servers. We do not manage software, anti-virus, patching etc. on those machines as they are managed by other consultants.
Our application guys just want to create a VPN between sites and allow those systems to communicate through our firewall over specific ports. I don't think this is the best way to proceed.

Issue number 2: Headquarters want to access the POS to manage or troubleshoot systems on occasion. Would GotoAssist, NetSupport or WebEx be secure viable solutions for this?

Thank you in advance for your help. Any guidance from people that went through these types of things would relieve some stress over here...

CP
CProp Asked:
 
aleghart Commented:
Not sure why you think a VPN is a bad idea.  It's far better than any transmission over the internet.  You can also use the VPN tunnel for remote access in a secure manner.  No ports open to internet.

If you have a lot of units and techs, then a cost-effective tool is ScreenConnect.  For $3,000 you get an unlimited server license for any number of endpoints and techs and open sessions.  Any of the other tools will cost that much for just 2 or 3 techs.

I ran a demo server.  Remote connections were faster and clearer than TeamViewer, which is already faster and clearer than GoTo__, LogMeIn, and WebEx.

You can white-label or private-brand the server GUI.  Using MS Windows & Internet Explorer from the tech's workstation is the best experience.  You can scale the user's screen quickly.  No scrolling.  Multiple monitors are fine too.

I used it to connect to a workstation with a vertical 1920x1080 monitor plus a 2MP horizontal monitor.  The clarity was impressive.  Could see x-ray images without a lot of artifacting or banding.
 
Michael Ortega, Sales & Systems Engineer, Commented:
What POS are you referring to? Some POS systems have tools already developed to export financial data natively.

Lots of different ways to administer your systems. Bomgar and CommandCenter are appliance based systems that even target the POS/KIOSK markets.

MO
 
CProp (Author) Commented:
This is a good starting point for me
To answer the questions:
- The POS system is Pro-ShopKeeper from Club Prophet Systems.

Just a bit of clarification, I don't think the VPN is a bad idea per se. An encrypted tunnel is a good thing between 2 trusted sites.
I'm hesitant about doing this with a site where we don't control the end-point and the users that use those systems. They might install malware from malicious websites and the VPN tunnel would be a vector into our organization.

Looking forward to your response

CP
 
aleghart Commented:
Tunnel can be limited at either end, and by service/port.  So, you could have access to their /24 network, and limit them to just your remote control server or patch server, etc.
 
CProp (Author) Commented:
Maybe you are right. I might just be overly paranoid on that front.
I was looking at a scenario about a malicious application that tunnels through that service/port?
I know my boss will ask about that and I'm not sure about the risk.
Things like a reverse proxy or application firewall for deep packet inspection?

CP
 
aleghart Commented:
If you limit your endpoint to port 1001 at 10.0.0.1, then the only exposure is that host on only port 1001.  Attempts to reach any other host or any other port will be blocked by your VPN policy.

If any other party tries to make a VPN connection, they would need the correct tunnel config and pre-shared key...and would have to have an IP address that matches your policy.

If you ever need to disconnect a client, or decide to cease operations with a customer, either end can disable the tunnel, and there will be zero access.
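
Added example, not part of the original thread: a small model of the tunnel policy described in the comment above (one allowed host and port, everything else denied), evaluated against constructed sample flows, with denied attempts counted per source for review. The partner subnet 192.168.50.0/24, the use of TCP, and all names in the code are assumptions; only 10.0.0.1 and port 1001 come from the comment.

```python
import ipaddress
from collections import Counter
from typing import NamedTuple

class Flow(NamedTuple):
    src: str
    dst: str
    proto: str
    dport: int

class Rule(NamedTuple):
    src_net: str
    dst_net: str
    proto: str
    dport: int

# Assumed addressing: partner POS LAN is 192.168.50.0/24 (constructed).
# 10.0.0.1 port 1001 is the single exposed service named in the comment.
TUNNEL_POLICY = [Rule("192.168.50.0/24", "10.0.0.1/32", "tcp", 1001)]

def permitted(flow: Flow, policy=TUNNEL_POLICY) -> bool:
    """Default deny: a flow passes only if an allow rule matches every field."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    return any(
        src in ipaddress.ip_network(r.src_net)
        and dst in ipaddress.ip_network(r.dst_net)
        and flow.proto == r.proto
        and flow.dport == r.dport
        for r in policy
    )

def denied_by_source(flows, policy=TUNNEL_POLICY) -> Counter:
    """Count blocked attempts per source address. Repeated denials from one
    partner host stand out because the policy lets only one service through."""
    return Counter(f.src for f in flows if not permitted(f, policy))

# Constructed sample traffic arriving over the tunnel.
SAMPLE_FLOWS = [
    Flow("192.168.50.20", "10.0.0.1", "tcp", 1001),  # the agreed service
    Flow("192.168.50.20", "10.0.0.1", "tcp", 3389),  # same host, other port
    Flow("192.168.50.31", "10.0.0.7", "tcp", 1001),  # other host, same port
    Flow("192.168.50.31", "10.0.0.7", "tcp", 445),   # other host, other port
    Flow("172.16.9.4", "10.0.0.1", "tcp", 1001),     # source outside policy
    Flow("192.168.50.20", "10.0.0.1", "udp", 1001),  # protocol not in policy
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print("ALLOW" if permitted(f) else "DENY ", f)
    print(denied_by_source(SAMPLE_FLOWS).most_common())
```

The check matches on addresses, protocol and port only, so it shows what the tunnel policy restricts and nothing about the content of traffic on the allowed port.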
 
CProp (Author) Commented:
Thanks guys, I really appreciated the quick response on this topic.

Chris